Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=zeus-next 2020-09-10T12:21:41+00:00 2020-09-10T12:21:41+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2020-09-08T02:56:38+00:00 urn:sha1:0b9096fc1e187923b0e3d16d1f28371447134077 Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a (From OE-Core rev: 7a9969fe8cb8b039976bcd482d7b815922ae54ea) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-09-09T09:15:32+00:00 urn:sha1:44b251630ee1adeaa54d28fb8daa01525ebace2d Similiarly to attr, do_install fails on newer versions of make with interesting and hard to debug errors. Disablle parallle make install as a workaround. Later verisons of acl in newer releases don't have the issue. (From OE-Core rev: 036a4b425f88a237c2c7c1b9575bd2d372a8e130) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-09-07T15:33:08+00:00 urn:sha1:f88445342f9e93e864399dd8db937aacaab035fb do_install fails on newer versions of make with interesting and hard to debug errors. Disablle parallle make install as a workaround. Later verisons of attr in newer releases don't have the issue. (From OE-Core rev: 3bea0931087698b9913f56bb93df3ef279ab4930) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-12T09:53:51+00:00 Rahul Taya Rahul.Taya@kpit.com 2020-07-30T08:41:51+00:00 urn:sha1:fb9a4d23c3de9b0140c999322034f8c969e8b1c7 Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Tested-by: Rahul Taya <Rahul.Taya@kpit.com> (From OE-Core rev: 3f536edfa56ce3f93223c23ed48427a0c24ede1a) Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-04T22:17:38+00:00 Ovidiu Panait ovidiu.panait@windriver.com 2020-07-14T08:18:13+00:00 urn:sha1:20757f3bb4bdb2c90ddd9cf3433605a5007bb1b5 Master (nss version 3.54) is not affected by this issue. This is a backport from nss version 3.54. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Upstream patch: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e (From OE-Core rev: c447b32c1ec0c117748a4be68dda02d375c81b85) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-04T22:17:38+00:00 Sakib Sajal sakib.sajal@windriver.com 2020-07-10T06:58:23+00:00 urn:sha1:f29b31784ae836b0d7f6f62398814900550a0c87 Fixes CVE-2020-11655 (From OE-Core rev: 3b06a6c73f4e49c6d00f758423c2e8865ec2de00) (From OE-Core rev: 36edee3e489e7bd94d6fa555f87d94c5ec0f3ad8) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [ without the CVE-2020-11656 fix that did not apply cleanly ] Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-04T22:17:38+00:00 Hongxu Jia hongxu.jia@windriver.com 2020-07-06T02:26:59+00:00 urn:sha1:0ecd636a526815047c5464186f14963bd2c54954 (From OE-Core rev: 6e16ef0c2e0ec2bbb862231cd84e7650bd5789af) (From OE-Core rev: add9b04f0596ade188224104595406d638a6fa73) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 75e91b8e52ec77398e6b0fc09456e971662d9d7e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-04T22:17:37+00:00 Joe Slater joe.slater@windriver.com 2020-07-08T21:07:52+00:00 urn:sha1:662919a486406b322f96cc72744b3823c0eb1469 vim will abort in many places with this setting. Replace it with the benign _FORTIFY_SOURCE=1. (From OE-Core rev: d9de155f6452f916edd3131addd0c2eebaf4d639) (From OE-Core rev: db1e93c33150e712b90e81450fd2e161ea2fad08) Signed-off-by: Joe Slater <joe.slater@windriver.com> (cherry picked from commit 18129cbaeddb3278efe9963718556e3765f06c1e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-04T22:17:37+00:00 Lee Chee Yang chee.yang.lee@intel.com 2020-07-08T21:07:49+00:00 urn:sha1:ea0d41cdfb46b683b3421fec3733e83dbd05a6ab (From OE-Core rev: 2e497029ee00babbc50f3c1d99580230bc46155c) (From OE-Core rev: 221e42c20148bb57986dfa862b352b9264694003) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-07-08T09:47:50+00:00 haiqing haiqing.bai@windriver.com 2020-06-15T08:15:24+00:00 urn:sha1:577f1b0b2fba641106959758cd59250ea38d0a64 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket Backport the patch from upstream: https://gitlab.com/gnutls/gnutls.git commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca commit 50ad8778a81f9421effa4c5a3b457f98e559b178 commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da (From OE-Core rev: 86870cd2ff3555161ea5bb434740338ec20495a0) Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>